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AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF CLAIMS: 

Claim 1 (currently amended) A process for restricting unauthorized operations by a 
computer user, comprising: 

using a security executable to create a list of authorized operations for said computer 

user; 

attaching a hook function to all new processes; 

employing the hook function whenever a new application is started to send a message to 
the security executable, said message including a process id and path of the new application^,]]; 

receiving said message from the hook function at the security executable and correlating 
to said list to determine whether the new application is authorized or not; 

answering the message by the security executable when the new application is authorized 
to indicate so; 

stopping the new application when the new application is not authorized. 

Claim 2 (currently amended) A software system for restricting unauthorized operations 
by a computer user, comprising: 
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a first program module , which is a hook procedure, for automatically attaching to all new 
processes and for querying an ID of each said new process; 

a second program module in communication with said first program module, said second 
program module using a security executable to build building a list of allowed applications, 
r e trieving retrieve the ID of each new process from said first program module, and terminating 
terminate each process not identified on said list of allowed applications. 

Claim 3 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 2, wherein said first program module is executable in user 
mode. 

Claim 4 (currently amended) The software system for restricting unauthorized 
operations by a computer user according to claim 2, wherein said first program module is 
attached to new processes by tying into the USER32 using the system dynamic link library . 

Claim 5 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 4, wherein said first program module is a Windows hook 
procedure. 

Claim 6 (original) The software system for restricting unauthorized operations by a 
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computer user according to claim 5, wherein said first program module communicates with said 
second program module by sending a message with the process ID and path of the process being 
examined. 

Claim 7 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 6, wherein said second program module communicates with , 
said first program module when said process is authorized by answering said message with an 
indication that said process is authorized. 

Claim 8 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 6, wherein said second program module automatically 
terminates said process when not authorized. 

Claim 9 (currently amended) A process for restricting unauthorized operations by 
computer users in a network environment, comprising the steps of: 

maintaining using a security executable to create and maintain a list of authorized 
processes and IDs for each computer user; 

attaching a hook function to all new processes; 

monitoring all new processes that are started with the hook function and determining an 
ID thereof; 
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receiving said ID from the hook function bv the security executable: 
determining whether the ED of each started process is on said list; 
allowing said process to continue when its ID is on the list; 
terminating said process when its ID is not on the list. 
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